SMA SSL VPN: Configure static IPs or IP ranges for specific users and groups
06/22/2020 31 15707
Customers may need to configure specific IP addresses or ranges for certain users or group of users. This KB article explains how to achieve this by configuring different static IP Pools per user or per group.
The IP addresses Pool can be configured globally, per user or per group. In order to set the global IP range that the NetExtender clients will receive when they connect to the SSL VPN you need to go to "NetExtender" > "Client Settings" > select "Use Static Pool" and specify the range inside "Client Address Range Begin" and "Client Address Range End" as in the example shown below.
If you need to configure a specific IP address for a particular user you can do it by going to "Users" > "Local Users" > click on the "Configure" button located on the right hand side of the user > click on the "Nx Settings" tab and configure the Client address pool as shown in the example below.
When that particular user connects to the VPN, he/she will get assigned that specific IP address or range.
Please note that in order for the user to appear inside the "Local Users" menu, this user must have been created locally or authenticated before. Make also sure that the option "Delete external user accounts on logout" for that specific domain is not selected. You can check this by going to "Portals" > "Domains" and click on the "Configure" button for that particular domain.
The same can also be configured per group by following the same steps as above for a specific group from "Users" > "Local Groups". When configuring multiple different IP address ranges make also sure that you are creating the corresponding routes inside your internal network devices so that they know how to route the traffic back to the SSL VPN clients.